Provided by: libseccomp-dev_2.1.1-1ubuntu1~trusty5_amd64 bug

NAME
       seccomp_merge - Merge two seccomp filters


SYNOPSIS
       #include <seccomp.h>

       typedef void * scmp_filter_ctx;

       int seccomp_merge(scmp_filter_ctx dst, scmp_filter_ctx src);

       Link with -lseccomp.


DESCRIPTION
       The  seccomp_merge()  function  merges  the  seccomp  filter in src with the filter in dst and stores the
       resulting in the dst filter.  If successfull, the src seccomp filter is released and all internal  memory
       assocated  with  the  filter  is freed; there is no need to call seccomp_release(3) on src and the caller
       should discard any references to the filter.

       In order to merge two seccomp  filters,  both  filters  must  have  the  same  attribute  values  and  no
       overlapping architectures.


RETURN VALUE
       Returns zero on success and negative values on failure.


EXAMPLES
       #include <seccomp.h>

       int main(int argc, char *argv[])
       {
            int rc = -1;
            scmp_filter_ctx ctx_32, ctx_64;

            ctx_32 = seccomp_init(SCMP_ACT_KILL);
            if (ctx_32 == NULL)
                 goto out_all;
            ctx_64 = seccomp_init(SCMP_ACT_KILL);
            if (ctx_64 == NULL)
                 goto out_all;

            if (seccomp_arch_exist(ctx_32, SCMP_ARCH_X86) == -EEXIST) {
                 rc = seccomp_arch_add(ctx_32, SCMP_ARCH_X86);
                 if (rc != 0)
                      goto out_all;
                 rc = seccomp_arch_remove(ctx_32, SCMP_ARCH_NATIVE);
                 if (rc != 0)
                      goto out_all;
            }
            if (seccomp_arch_exist(ctx_64, SCMP_ARCH_X86_64) == -EEXIST) {
                 rc = seccomp_arch_add(ctx_64, SCMP_ARCH_X86_64);
                 if (rc != 0)
                      goto out_all;
                 rc = seccomp_arch_remove(ctx_64, SCMP_ARCH_NATIVE);
                 if (rc != 0)
                      goto out_all;
            }

            /* ... */

            rc = seccomp_merge(ctx_64, ctx_32);
            if (rc != 0)
                 goto out_all;

            /* NOTE: the 'ctx_32' filter is no longer valid at this point */

            /* ... */

       out:
            seccomp_release(ctx_64);
            return -rc;
       out_all:
            seccomp_release(ctx_32);
            goto out;
       }


NOTES
       While  the  seccomp filter can be generated independent of the kernel, kernel support is required to load
       and enforce the seccomp filter generated by libseccomp.

       The libseccomp project site, with more information and the  source  code  repository,  can  be  found  at
       http://libseccomp.sf.net.   This  library  is  currently under development, please report any bugs at the
       project site or directly to the author.


AUTHOR
       Paul Moore <paul@paul-moore.com>


SEE ALSO
       seccomp_init(3),  seccomp_reset(3),  seccomp_arch_add(3),  seccomp_arch_remove(3),   seccomp_attr_get(3),
       seccomp_attr_set(3)